CN110943837B - User password encryption method based on improved MD5 encryption algorithm - Google Patents

User password encryption method based on improved MD5 encryption algorithm Download PDF

Info

Publication number
CN110943837B
CN110943837B CN201911280697.1A CN201911280697A CN110943837B CN 110943837 B CN110943837 B CN 110943837B CN 201911280697 A CN201911280697 A CN 201911280697A CN 110943837 B CN110943837 B CN 110943837B
Authority
CN
China
Prior art keywords
password
encrypted
algorithm
random number
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911280697.1A
Other languages
Chinese (zh)
Other versions
CN110943837A (en
Inventor
陈虹
张子浩
刘雨朦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liaoning Technical University
Original Assignee
Liaoning Technical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liaoning Technical University filed Critical Liaoning Technical University
Priority to CN201911280697.1A priority Critical patent/CN110943837B/en
Publication of CN110943837A publication Critical patent/CN110943837A/en
Application granted granted Critical
Publication of CN110943837B publication Critical patent/CN110943837B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a user password encryption method based on an improved MD5 encryption algorithm, and relates to the technical field of information security. Firstly, encrypting a password input during user registration through an MD5 algorithm to obtain initial encrypted data, then generating a random number through an elliptic curve, sending the random number into a pseudo-random number generator, generating a random character string by the elliptic curve and the pseudo-random number generator together, and generating new encrypted data as a message digest to be stored in a database after bitwise exclusive-OR with the encrypted data generated by the MD5 algorithm. When the user logs in again, the input password is encrypted, and the encrypted ciphertext is compared with the ciphertext stored in the database for verification. The method is based on improving the MD5 encryption algorithm, and increases random character strings to carry out exclusive OR operation after the original MD5 algorithm is operated, so that the randomness and collision resistance of the algorithm are increased, the safety of the algorithm is improved, and the exhaustive attack, birthday attack and differential attack can be effectively resisted.

Description

User password encryption method based on improved MD5 encryption algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a user password encryption method based on an improved MD5 encryption algorithm.
Background
With the development of computer and internet technologies, a large number of websites and APP services need users to register, and the users are required to set passwords while registering; the user password plays a good role in protecting the related information of the user. However, in recent years, many enterprises have user information leakage events, and the leakage data is not encrypted or encrypted in a weak manner, so that a hacker can restore the original user password. At least hundreds of information leakage events are exposed at present, wherein the information leakage events comprise a plurality of first-line Internet companies, and the total leakage amount is more than 10 hundred million.
The MD5 encryption algorithm is widely used in important fields such as file verification, transaction verification, account comparison, message verification and the like, and has very important significance for protecting website data and preventing exposure of private privacy data. The MD5 algorithm has irreversibility and uniqueness, but since the length of the MD5 message digest is only 128 bits, the collision phenomenon must occur when the file size is gradually increased, an attacker can always find one or more groups of plaintext to make the value of the MD5 message digest equal in a short time by using a hash collision attack, and the MD5 security is threatened.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a user password encryption method based on an improved MD5 encryption algorithm, which realizes encryption and decryption of user passwords.
In order to solve the technical problems, the invention adopts the following technical scheme: a user password encryption method based on an improved MD5 encryption algorithm comprises the following steps:
step1: when a user registers, inputting a password, and encrypting the password through an MD5 algorithm to obtain encrypted data Q;
step2: generating random numbers through elliptic curve encryption; recording the current system time as d, generating dynamic information according to the system time d, sending the dynamic information into an elliptic curve for encryption, randomly selecting a point set G generated after encryption from the elliptic curve after the elliptic curve is encrypted n Taking a group of coordinate points randomly after the points on the abscissa axis and the ordinate axis and the infinity points are removed in the (1, 1) and expanding the coordinate points to 64 bits, and marking the coordinate points as e and f;
step3: operating a pseudo-random number generator to generate a random string; using e and f as inputs to a pseudo-random number generator, a system generated key K 1 And K 2 As key operation generator, a pseudo random number R is generated i And new seed V i+1 The character strings with 128 bits are generated in a merging way and marked as R;
step4: performing bitwise exclusive OR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; the character strings Q and R are exclusive-ored according to the bits to generate a new 128-bit ciphertext as a message digest, namely, the encrypted user password is d, K 1 ,K 2 The encrypted user password is stored in the corresponding password storage field of the user in the database at the same time, thus completing the password matchingEncryption of the user password;
step5: when the user logs in again, the input password is encrypted in the steps 1-4, wherein d, K 1 And K 2 Extracting from the database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext, correcting the password of the user.
The beneficial effects of adopting above-mentioned technical scheme to produce lie in: according to the user password encryption verification method based on the improved MD5 encryption algorithm, the random character strings are added to conduct exclusive OR operation after the original MD5 algorithm is operated, so that the randomness and collision resistance of the algorithm are improved, the safety of the algorithm is improved, and the exhaustive attack, birthday attack and differential attack can be effectively resisted.
Drawings
FIG. 1 is a flowchart of a user password encryption method based on an improved MD5 encryption algorithm according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an MD5 encryption algorithm provided in an embodiment of the present invention;
FIG. 3 is a main loop diagram of an MD5 encryption algorithm provided by an embodiment of the present invention;
FIG. 4 is a block diagram illustrating an implementation of the MD5 encryption algorithm according to an embodiment of the present invention;
FIG. 5 is an elliptic curve y provided by an embodiment of the present invention 2 =x 3 An image plot of +x+1;
FIG. 6 is a schematic diagram of an ANSI X9.17 pseudo-random number generator according to an embodiment of the present invention.
Detailed Description
The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.
In this embodiment, a user password encryption method based on an improved MD5 encryption algorithm, as shown in fig. 1, includes the following steps:
step1: when a user registers, inputting a password, and encrypting the password through an MD5 algorithm to obtain encrypted data Q;
the basic principle of the MD5 is that data information with limited length is grouped by taking 512 bits as a unit, each group is divided into 16 32-bit sub-groups, four rounds of operation are carried out, four output 32-bits are cascaded into a 128-bit hash value which is used as an information abstract, and the principle of an MD5 encryption algorithm is shown in fig. 2, and the specific steps are as follows:
step1: filling information; grouping in 512 bits, reducing the message length by 64 times 512, namely filling one 1 and N0, so that the length of the input information is Nx512+448 (bit), and reserving the last 64 bits;
step2: storing the original message, complementing the last 64 bits; writing the length of the original data before filling into 64 reserved bits in Step1 in binary representation, wherein the information length is changed into Nx512+448+64= (N+1) x 512 (bit);
step3: initializing an MD5 cache region; four 32-bit chain variables contained in the MD5 algorithm are initialized, and the four 32-bit chain variables are respectively:
A=0x23456789
B=0x89FEDCBA
C=0xABCDEF98
D=0x98765432
step4: grouping processing data and four-wheel cyclic operation; the first packet copies four chain variables into the other 4 variables: a to a, B to B, C to C, D to D; the variables from the second packet are the result of the operation of the previous packet, i.e., a=a, b=b, c=c, d=d. The main cycle has four wheels, each substantially identical, as shown in figure 3. The execution is as shown in fig. 4, i.e. three of a, b, c, d are taken as a nonlinear function operation, the obtained result is added with a subgroup of the fourth variable and text and a constant, the obtained result is then shifted left by an indefinite number, one of a, b, c or d is added, the result is used to replace one of a, b, c or d, and the nonlinear function for operation is as shown in table 1, one for each round.
TABLE 1 nonlinear function
F(X,Y,Z)=(X&Y)|((~X)&Z) F function
G(X,Y,Z)=(X&Z)|(Y&(~Z)) G function
H(X,Y,Z)=X^Y^Z H function
I(X,Y,Z)=Y^(X|(~Z)) I function
Wherein: and operator, | OR operator, & -NOT operator, & -XOR operator.
Step5: and outputting the message abstract. After all the packets are processed, the output of the n+1st stage is 128-bit message abstract, namely the encrypted data Q.
Step2: generating random numbers through elliptic curve encryption; recording the current system time as d, generating dynamic information according to the system time d, sending the dynamic information into an elliptic curve for encryption, randomly selecting a point set G generated after encryption from the elliptic curve after the elliptic curve is encrypted n Taking a group of coordinate points randomly after the points on the abscissa axis and the ordinate axis and the infinity points are removed in the (1, 1) and expanding the coordinate points to 64 bits, and marking the coordinate points as e and f;
elliptic curve encryption takes an elliptic curve as a core and is a unidirectional irreversible public key cryptosystem. It is common in passwords to have curves over finite fields, i.e. all coefficients are elements in a certain finite field GF (n), where n is a large prime number. Of which the most common is represented by equation y 2 =x 3 +ax+b(a,b∈GF(n),4a 3 +27b 2 Not equal to 0). The present embodiment takes a=1, b=1, i.e. equation y=x 3 +x+1 performing operationAs shown in FIG. 5, the image is a continuous curve, set G n (1, 1) represents a point set { (x, y) |0. Ltoreq.x < n, 0. Ltoreq.y < n, and x, y are integers } and an infinity point O (O is an addition unit, i.e., there is G+O=G for any point G on the elliptic curve). G n (1, 1) is produced by:
step1: for each integer x (0.ltoreq.x < n), x is calculated 3 +x+1(modn);
Step2: whether or not there is a square root in the modulus n obtained in Step1 is determined, and if there is no point corresponding to x on the elliptic curve, if there is a point corresponding to x, two square roots are obtained (only one square root when y=0).
Elliptic curve y over GF (n) in the manner described above 2 =x 3 +x+1 is common at the integer point of the first quadrant plus the infinity point O
Figure BDA0002316660260000041
And each. In the present embodiment, a random number or other random code is generated according to time, that is, dynamic information is used as n to perform operation, and a point set G is generated n The point on the axis of abscissa (i.e., the point of x=0, y=0) and the point of infinity are removed in (1, 1), then a coordinate point is randomly taken, the coordinate values of the coordinate points x and y are expanded to 64 bits, and are recorded as e and f, and are used as the input of the pseudo-random number generator.
Step3: operating a pseudo-random number generator to generate a random string; using e and f as inputs to a pseudo-random number generator, a system generated key K 1 And K 2 As key operation generator, a pseudo random number R is generated i And new seed V i+1 The character strings with 128 bits are generated in a merging way and marked as R;
pseudo-random number generator based on ANSI X9.17 (financial institution key management specification by national standards institute) adopts DES (Data Encryption Standard ) standard, which is one of the highest-password-strength pseudo-random number generators, as shown in fig. 6, in which DT i Representing the current date and time, EDE represents the triple DES of two keys, and the operation of the pseudo random number generator is divided into 3 parts as can be seen from FIG. 6:
step1: inputting e and f generated by elliptic curve, wherein DT i Representing the current date and time, each generating a number R i After DT i Are updated once; v (V) i The seed is used for generating the ith random number, the initial value can be set arbitrarily, the random number q is set in the embodiment, and the seed is automatically updated every time later.
Step2: a key. The pseudo-random number generator uses 3 triple DES encryption, with 3 encryption using the same two 56-bit keys K 1 And K 2 These two keys are generated by the system in advance, must be kept secret and cannot be used for other purposes.
Step3: and outputting. Output as a 64-bit pseudo random number R i And a 64-bit new seed V i+1 Wherein:
Figure BDA0002316660260000042
Figure BDA0002316660260000043
step4: performing bitwise exclusive OR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; the character strings Q and R are exclusive-ored according to the bits to generate a new 128-bit ciphertext as a message digest, namely, the encrypted user password is d, K 1 ,K 2 Simultaneously storing the encrypted user password in a corresponding password storage field of the user in a database, so as to complete the encryption of the user password;
step5: when the user logs in again, the input password is encrypted in the steps 1-4, wherein d, K 1 And K 2 Extracting from the database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext, correcting the password of the user.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions, which are defined by the scope of the appended claims.

Claims (1)

1. A user password encryption method based on an improved MD5 encryption algorithm is characterized by comprising the following steps of: firstly, encrypting a password input during user registration through an MD5 algorithm to obtain initial encrypted data, generating a random number through an elliptic curve, then sending the random number into a pseudo-random number generator, generating a random character string by the elliptic curve and the pseudo-random number generator together, and generating new encrypted data as a message digest to be stored in a database after bitwise exclusive-OR with the encrypted data generated by the MD5 algorithm;
the method specifically comprises the following steps:
step1: when the user registers, the user inputs the password, encrypts the password through MD5 algorithm to obtain encrypted dataQ
Step2: generating random numbers through elliptic curve encryption; the step includes recording the current system time asdAccording to the system timedGenerating dynamic information, sending the dynamic information into an elliptic curve for encryption, and generating a point set on the elliptic curve after the elliptic curve is encrypted
Figure QLYQS_1
Removing points on the axis of abscissa and axis and infinity points, then randomly taking a group of coordinate points, and combining the coordinate pointsxAndythe coordinate value of (2) is extended to 64 bits and is recorded aseAndf
step3: operating a pseudo-random number generator to generate a random string; the steps includeeAndfas input to the pseudo-random number generator, a system generated keyK 1 AndK 2 as key operation generator, generated pseudo random numberR i And new seedsV i+1 The character strings combined to generate 128 bits are recorded asR;
Step4: performing bitwise exclusive OR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; the step includes encrypting the dataQAnd character stringRGenerating a new 128-bit ciphertext as an information abstract, namely an encrypted user password, according to the bit exclusive ORdK 1K 2 Simultaneously storing the encrypted user password in a corresponding password storage field of the user in a database, so as to complete the encryption of the user password;
step5: when the user logs in again, the input password is encrypted according to the steps of the steps 1-4, wherein,dK 1 andK 2 extracting from the database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext, correcting the password of the user.
CN201911280697.1A 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm Active CN110943837B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911280697.1A CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911280697.1A CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Publications (2)

Publication Number Publication Date
CN110943837A CN110943837A (en) 2020-03-31
CN110943837B true CN110943837B (en) 2023-06-06

Family

ID=69911255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911280697.1A Active CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Country Status (1)

Country Link
CN (1) CN110943837B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019535B (en) * 2020-08-26 2023-03-07 北京信安世纪科技股份有限公司 Password authentication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491030A (en) * 2015-11-27 2016-04-13 韦昱灵 Website user password encryption and verification method
CN107948155A (en) * 2017-11-24 2018-04-20 重庆金融资产交易所有限责任公司 Cryptographic check method, apparatus, computer equipment and computer-readable recording medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8184803B2 (en) * 2008-12-29 2012-05-22 King Fahd University Of Petroleum And Minerals Hash functions using elliptic curve cryptography

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491030A (en) * 2015-11-27 2016-04-13 韦昱灵 Website user password encryption and verification method
CN107948155A (en) * 2017-11-24 2018-04-20 重庆金融资产交易所有限责任公司 Cryptographic check method, apparatus, computer equipment and computer-readable recording medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Miss Manorama Chauhan.An implemented of hybrid cryptography using elliptic curve cryptosystem (ECC) and MD5.2016 International Conference on Inventive Computation Technologies.全文. *
郑晓松.MD5加密算法的改进及应用.数字技术与应用.2012,第3节. *
陈虹.基于椭圆曲线的改进RC4算法.计算机应用.2019,第3节. *

Also Published As

Publication number Publication date
CN110943837A (en) 2020-03-31

Similar Documents

Publication Publication Date Title
Mathur et al. AES based text encryption using 12 rounds with dynamic key selection
US10951392B2 (en) Fast format-preserving encryption for variable length data
EP3563512B1 (en) Equivocation augmentation dynamic secrecy system
US7899190B2 (en) Security countermeasures for power analysis attacks
US8189775B2 (en) Method of performing cipher block chaining using elliptic polynomial cryptography
US20080084996A1 (en) Authenticated encryption method and apparatus
US7190791B2 (en) Method of encryption using multi-key process to create a variable-length key
US8331558B2 (en) Method of cipher block chaining using elliptic curve cryptography
JP2008513811A (en) Calculation conversion method and system
Walia et al. Implementation of new modified MD5-512 bit algorithm for cryptography
US9391770B2 (en) Method of cryption
CN110943837B (en) User password encryption method based on improved MD5 encryption algorithm
Naskar et al. A secure symmetric image encryption based on bit-wise operation
EP1587237B1 (en) Security countermeasures for power analysis attacks
US20040247116A1 (en) Method of generating a stream cipher using multiple keys
Naskar et al. A secure symmetric image encryption based on linear geometry
EP3832945A1 (en) System and method for protecting memory encryption against template attacks
Liu et al. Improving tag generation for memory data authentication in embedded processor systems
Antonio et al. A modified generation of S-box for advanced encryption standards
Abad et al. Enhanced key generation algorithm of hashing message authentication code
RU2694336C1 (en) Authenticated coding method
MANAA et al. A PROACTIVE DATA SECURITY SCHEME OF FILES USING MINHASH TECHNIQUE
EP2293488A1 (en) Method for cryptographic processing of data units
Kumar et al. Optimizing the Algorithm for Secure and Dynamic Cloud Storage using MHT
Jauhari et al. Secure and Optimized Algorithm for Implementation of Digital Signature

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant